[squid-users] squid 3.5.3 can't get peek and splice to not bump certain sites

Stanford Prescott stan.prescott at gmail.com
Sun Apr 12 18:12:56 UTC 2015


I would like to give my users the ability to "not bump" certain sites. I
tried to use the examples given on the SSLPeekandSplice wiki page but can't
get it to work.

This is a snippet of my squid.conf file.

https_port 192.168.10.1:808 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/var/smoothwall/mods/proxy/ssl_cert/squidCA.pem

http_port 192.168.20.1:800 intercept
https_port 192.168.20.1:808 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/var/smoothwall/mods/proxy/ssl_cert/squidCA.pem

http_port 127.0.0.1:800 intercept

sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
sslproxy_session_cache_size 4 MB

acl serverIsBank dstdomain wellsfargo.com

ssl_bump server-first all

ssl_bump none localhostgreen
ssl_bump none localhostpurple

ssl_bump splice serverIsBank
ssl_bump peek all
ssl_bump bump all
sslcrtd_program /var/smoothwall/mods/proxy/libexec/ssl_crtd -s /var/smoothwall/mods/proxy/lib/ssl_db -M 4MB
sslcrtd_children 5


When I start squid I don't get any error messages and all pages, http and
https, load properly. The problem is, using the example above, the
https://www.wellsfargo.com website is still getting bumped, evidenced by
the appearance of the ssl website in the web proxy access logs. When I
don't have ssl_bump enabled then no https websites appear in the access
logs, as it should be. But, enabling ssl_bump and peek and splice, web
sites that I am trying not to bump still seem to be getting bumped.

Any suggestions on how to properly "not bump" certain websites?

Thanks,

Stan
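
An added example, not part of the original post: one way to check the symptom described above from the access log itself, by listing hosts on a do-not-bump list for which Squid logged decrypted requests (a non-CONNECT method with an https:// URL). It assumes Squid's default native access.log layout; the sample lines, the function names and the subdomain matching rule are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample lines (assumed default native access.log layout):
# time elapsed client code/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1428862301.112    210 192.168.10.25 TCP_MISS/200 5120 GET http://example.org/ - ORIGINAL_DST/203.0.113.10 text/html
1428862305.480   1530 192.168.10.25 TCP_TUNNEL/200 48211 CONNECT 203.0.113.20:443 - ORIGINAL_DST/203.0.113.20 -
1428862309.007    342 192.168.10.25 TCP_MISS/200 18340 GET https://www.wellsfargo.com/ - ORIGINAL_DST/203.0.113.30 text/html
1428862309.650     95 192.168.10.31 TCP_MISS/200 2210 GET https://mail.example.net/inbox - ORIGINAL_DST/203.0.113.40 text/html
"""


def decrypted_requests(log_text):
    """Yield (client, method, host) for entries Squid could only log after decrypting TLS."""
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # blank or truncated line
        client, method, url = fields[2], fields[5], fields[6]
        # A tunnelled (not decrypted) connection is logged only as CONNECT host:port.
        if method == "CONNECT":
            continue
        parts = urlsplit(url)
        if parts.scheme.lower() == "https" and parts.hostname:
            yield client, method, parts.hostname.lower()


def covered(host, domain):
    """Matching rule chosen for this example: the domain itself or any subdomain."""
    domain = domain.lower().lstrip(".")
    return host == domain or host.endswith("." + domain)


def exempt_hosts_bumped(log_text, exempt_domains):
    """Map each exempt host that shows decrypted requests to the clients that made them."""
    hits = {}
    for client, _method, host in decrypted_requests(log_text):
        if any(covered(host, d) for d in exempt_domains):
            hits.setdefault(host, set()).add(client)
    return hits


if __name__ == "__main__":
    found = exempt_hosts_bumped(SAMPLE_LOG, ["wellsfargo.com"])
    for host, clients in sorted(found.items()):
        print(f"decrypted requests to exempt host {host} from {sorted(clients)}")
```

An empty result for the exempt domains means no decrypted request to them was logged; CONNECT-only entries are ignored because they do not show decrypted content.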